Patient Privacy & Security

Healthcare Security: What Your Practice Needs to Know

With recent ransomware attacks, hospitals and private practices must prioritize healthcare security to protect patients' privacy. Is your practice ready?

Recently, anonymous cybercriminals launched massive ransomware attacks to compromise and, in many cases, shut down companies around the globe, including hospitals. While the targets of these attacks are typically large organizations, all businesses are vulnerable due to the availability of ransomware toolkits and the rapid spread of modern technology in the healthcare industry. In fact, 50 percent of all cyberattacks occur in the healthcare sector. For this reason, medical practitioners in private gynecology practices need to make healthcare security a top priority.

What Is Ransomware?

In a ransomware attack, a threat actor gains access to a system, freezes it by encrypting the files and locks legitimate users out of the system until a fee is paid. Unlike other hackers who are looking to steal secure data, ransomware attackers want to disrupt the business entirely to encourage victims to pay up quickly.

In 2016, for example, Hollywood Presbyterian Medical Center in Los Angeles paid a $17,000 ransom in bitcoin after fraudsters took control of the hospital's entire computer system, the Los Angeles Times reported. Once the ransom was paid, the cybercriminals gave the hospital the decryption key to unlock its files. A similar attack struck the U.K.'s National Health Service this year, when the WannaCry ransomware locked critical data and caused medical procedures to be put on hold.

Ransomware attacks are still relatively rare, but developers of ransomware code are growing more sophisticated. With the latest tools, attackers don't have to be computer geniuses to cause widespread damage. In the past, only PC users were at risk, but ransomware has recently branched out to affect Apple devices as well. Furthermore, with the expansion of technology, ransomware criminals have begun to attack mobile and wearable devices, threatening tools such as pacemakers and insulin pumps, according to Wired.

Five Healthcare Security Best Practices

In the end, most victims have little choice but to pay up. Medical practitioners should take steps to improve their security, especially since paying the ransom in the event of an attack does not guarantee the safe return of compromised files. Below are some best practices for ensuring healthcare security.

  1. Keep computer systems up to date. Always install updates and security patches as soon as they come out. In addition, ensure that all third-party and cloud-based vendors connected to your system conduct regular updates. Tools such as ultrasound systems have advanced security features such as whitelisting and HD encryption to protect sensitive data. You can ensure that your security systems are equally strong by installing and updating the latest firewall and antivirus software.
  2. Back up your files regularly. When a ransomware attack struck two German hospitals in early 2016, as reported by DW, security personnel were able to ignore the fraudsters' demands for payment because they had recent backups of critical files. If you aren't backing up every day, however, you may lose the data you stored since your last backup. Also keep in mind that ransomware can attack backup systems, too.
  3. Establish security rules. Humans are the weakest link in the security chain. A single user can compromise an entire organization by simply opening a spam email. Inform your staff about ransomware attack possibilities and the importance of healthcare security. Create rules to remind employees that they should never open attachments they are not expecting, and implore them to double-check the sender's email address before opening a message. Also discourage users from downloading software from unknown sites and educate them about ransomware scare tactics, such as fake pages that claim the FBI has locked a device due to suspicion of downloading illicit files.
  4. Conduct a cybersecurity audit. An audit is different from what a typical IT team does. Third-party companies can evaluate your system to find vulnerabilities and provide solutions to improve your security posture.
  5. Look for fixes in the event of an attack. When ransomware strikes, it's easy to panic and jump to pay the ransom as soon as possible to regain access to your files. However, some types of ransomware have known fixes, and an online search can lead you to easy solutions. When dealing with advanced attacks, you may want to hire a cybersecurity expert to help you assess the damage and strengthen your security capabilities to withstand future incidents.

Protect Your Practice and Your Patients

Ransomware is one of the biggest threats to healthcare security across the globe. By being aware of this new threat and instituting a few smart security measures, private practitioners can help reduce their chances of falling victim to ransomware and similar attacks. Adequate defense against cyberthieves is crucial to both your practice's bottom line and your patients' privacy.